Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-2034 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for re
|
13-02-2023 - 04:42 | 14-05-2014 - 19:55 | |
CVE-2013-2033 | 2.1 |
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML
|
13-02-2023 - 04:42 | 10-04-2014 - 20:29 | |
CVE-2013-1808 | 4.3 |
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web sc
|
13-02-2023 - 04:41 | 02-04-2013 - 03:23 | |
CVE-2013-0162 | 2.1 |
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
|
13-02-2023 - 04:38 | 01-03-2013 - 05:40 | |
CVE-2012-3465 | 4.3 |
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web scri
|
08-08-2019 - 15:42 | 10-08-2012 - 10:34 | |
CVE-2012-3424 | 5.0 |
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attac
|
08-08-2019 - 15:42 | 08-08-2012 - 10:26 | |
CVE-2012-3463 | 4.3 |
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the pr
|
08-08-2019 - 15:42 | 10-08-2012 - 10:34 | |
CVE-2012-3464 | 4.3 |
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HT
|
08-08-2019 - 15:42 | 10-08-2012 - 10:34 | |
CVE-2012-2660 | 6.4 |
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which a
|
08-08-2019 - 15:42 | 22-06-2012 - 14:55 | |
CVE-2012-2694 | 4.3 |
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which a
|
08-08-2019 - 15:42 | 22-06-2012 - 14:55 | |
CVE-2012-2661 | 5.0 |
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct
|
08-08-2019 - 15:42 | 22-06-2012 - 14:55 | |
CVE-2012-2695 | 7.5 |
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certai
|
08-08-2019 - 15:42 | 22-06-2012 - 14:55 | |
CVE-2013-0155 | 6.4 |
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass inte
|
08-08-2019 - 15:42 | 13-01-2013 - 22:55 | |
CVE-2013-0276 | 4.3 |
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
|
08-08-2019 - 15:42 | 13-02-2013 - 01:55 | |
CVE-2012-5371 | 5.0 |
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)
|
29-08-2017 - 01:32 | 28-11-2012 - 13:03 | |
CVE-2012-4466 | 5.0 |
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the
|
12-02-2014 - 04:39 | 25-04-2013 - 23:55 | |
CVE-2012-4464 | 5.0 |
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainte
|
27-08-2013 - 03:27 | 25-04-2013 - 23:55 | |
CVE-2012-4522 | 5.0 |
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
|
04-05-2013 - 03:20 | 24-11-2012 - 20:55 |